#include <stdio.h>

#include <openssl/hmac.h>
#include <openssl/sha.h>

/*pbkdf2*/
#define SHA256_BLOCKLEN  64ul //size of message block buffer
#define SHA256_DIGESTLEN 32ul //size of digest
#define SHA256_DIGESTINT 8ul  //size in uint32_t = 32/4

#include <stdint.h>

//#define SHA256_PLACEBO

typedef struct sha256_ctx_t
{
	uint64_t len;                 // processed message length
	uint32_t h[SHA256_DIGESTINT]; // hash state
	uint8_t buf[SHA256_BLOCKLEN]; // message block buffer
#ifdef SHA256_PLACEBO
	uint32_t W[64]; // so we can secure zero it later
#endif
} SHA256_MONKEY_CTX;

void sha256_init(SHA256_MONKEY_CTX *ctx);
void sha256_update(SHA256_MONKEY_CTX *ctx, const uint8_t *m, uint32_t mlen);
// resets state
void sha256_final(SHA256_MONKEY_CTX *ctx, uint8_t *md);

typedef struct hmac_sha256_ctx_t
{
	uint32_t h_inner[SHA256_DIGESTINT];
	uint32_t h_outer[SHA256_DIGESTINT];
	SHA256_MONKEY_CTX sha;
} HMAC_SHA256_CTX;

void hmac_sha256_init(HMAC_SHA256_CTX *hmac, const uint8_t *key, uint32_t keylen);
void hmac_sha256_update(HMAC_SHA256_CTX *hmac, const uint8_t *m, uint32_t mlen);
// resets state to the one after init
void hmac_sha256_final(HMAC_SHA256_CTX *hmac, uint8_t *md);

void pbkdf2_sha256(const uint8_t *key, uint32_t keylen, const uint8_t *salt, uint32_t saltlen,
	uint32_t rounds, uint8_t *dk, uint32_t dklen);
/*pbkdf2*/


int main(int argc, char *argv[])
{
	printf("Hello, world\n");
	const char * text = "123456";
	const char * sec_txt = "abcdef";
	const char * key = "neworange";
	uint8_t key_len = 9;
	uint8_t now_dst[SHA256_DIGESTLEN];
	char buffer[64];
	int i;
	
	/*libopenssl*/
	printf("start sha256-openssl encrypt...\n");
	static HMAC_CTX         hmac;
    unsigned int            len;

    HMAC_CTX_init(&hmac);

	HMAC_Init_ex(&hmac, key, key_len, EVP_sha256(), NULL);
    HMAC_Update(&hmac, text, strlen(text));
	HMAC_Update(&hmac, sec_txt, strlen(sec_txt));
    HMAC_Final(&hmac, now_dst, &len);
	for(i = 0; i < SHA256_DIGESTLEN; ++i)
	{
		u_char temp1 = now_dst[i];
		sprintf(buffer + i * 2, "%02x", temp1);
	}
	printf("%s:%d,%s\n", __func__, __LINE__, buffer);

	/*pbkdf2*/
	printf("start sha256-pbkdf2 encrypt...\n");
	HMAC_SHA256_CTX ss;
	hmac_sha256_init(&ss, key, key_len);
	hmac_sha256_update(&ss, text, strlen(text));
	hmac_sha256_update(&ss, sec_txt, strlen(sec_txt));
	hmac_sha256_final(&ss, now_dst);
	for(i = 0; i < SHA256_DIGESTLEN; ++i)
	{
		u_char temp1 = now_dst[i];
		sprintf(buffer + i * 2, "%02x", temp1);
	}
	printf("%s:%d,%s\n", __func__, __LINE__, buffer);

	return 0;
}

/*pbkdf2*/
#include <string.h>

static uint32_t ror(uint32_t n, uint32_t k)
{
	return (n >> k) | (n << (32 - k));
}


//#define ror(n,k) ((n >> k) | (n << (32 - k)))


#define Ch(x,y,z)  (z ^ (x & (y ^ z)))
#define Maj(x,y,z) ((x & y) | (z & (x | y)))
#define S0(x)      (ror(x,2) ^ ror(x,13) ^ ror(x,22))
#define S1(x)      (ror(x,6) ^ ror(x,11) ^ ror(x,25))
#define R0(x)      (ror(x,7) ^ ror(x,18) ^ (x>>3))
#define R1(x)      (ror(x,17) ^ ror(x,19) ^ (x>>10))

static const uint32_t K[64] =
{
	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};

static void processblock(SHA256_MONKEY_CTX *s, const uint8_t *buf)
{
#ifdef SHA256_PLACEBO
	uint32_t *W = s->W;
#else
	uint32_t W[64];
#endif
	uint32_t t1, t2, a, b, c, d, e, f, g, h;
	uint32_t i;
	
	for (i = 0; i < 16; i++) // Note: W might contain sensitive data...
	{
		W[i] = (uint32_t)buf[4 * i    ] << 24;
		W[i] |= (uint32_t)buf[4 * i + 1] << 16;
		W[i] |= (uint32_t)buf[4 * i + 2] << 8;
		W[i] |= buf[4 * i + 3];
	}
	for (; i < 64; i++)
	{
		W[i] = R1(W[i - 2]) + W[i - 7] + R0(W[i - 15]) + W[i - 16];
	}
	a = s->h[0];
	b = s->h[1];
	c = s->h[2];
	d = s->h[3];
	e = s->h[4];
	f = s->h[5];
	g = s->h[6];
	h = s->h[7];
	for (i = 0; i < 64; i++)
	{
		t1 = h + S1(e) + Ch(e, f, g) + K[i] + W[i];
		t2 = S0(a) + Maj(a, b, c);
		h = g;
		g = f;
		f = e;
		e = d + t1;
		d = c;
		c = b;
		b = a;
		a = t1 + t2;
	}
	s->h[0] += a;
	s->h[1] += b;
	s->h[2] += c;
	s->h[3] += d;
	s->h[4] += e;
	s->h[5] += f;
	s->h[6] += g;
	s->h[7] += h;
}

static void pad(SHA256_MONKEY_CTX *s)
{
	uint32_t r = s->len % SHA256_BLOCKLEN;
	
	s->buf[r++] = 0x80;
	if (r > 56)
	{
		memset(s->buf + r, 0, SHA256_BLOCKLEN - r);
		r = 0;
		processblock(s, s->buf);
	}
	memset(s->buf + r, 0, 56 - r);
	s->len *= 8;
	s->buf[56] = s->len >> 56;
	s->buf[57] = s->len >> 48;
	s->buf[58] = s->len >> 40;
	s->buf[59] = s->len >> 32;
	s->buf[60] = s->len >> 24;
	s->buf[61] = s->len >> 16;
	s->buf[62] = s->len >> 8;
	s->buf[63] = s->len;
	processblock(s, s->buf);
}

void sha256_init(SHA256_MONKEY_CTX *s)
{
	s->len = 0;
	
	s->h[0] = 0x6a09e667;
	s->h[1] = 0xbb67ae85;
	s->h[2] = 0x3c6ef372;
	s->h[3] = 0xa54ff53a;
	s->h[4] = 0x510e527f;
	s->h[5] = 0x9b05688c;
	s->h[6] = 0x1f83d9ab;
	s->h[7] = 0x5be0cd19;
	
	//memset(s->buf, 0, SHA256_BLOCKLEN);
}

void sha256_final(SHA256_MONKEY_CTX *s, uint8_t *md)
{
	uint32_t i;
	
	pad(s);
	for (i = 0; i < SHA256_DIGESTINT; i++)
	{
		md[4 * i    ] = s->h[i] >> 24;
		md[4 * i + 1] = s->h[i] >> 16;
		md[4 * i + 2] = s->h[i] >> 8;
		md[4 * i + 3] = s->h[i];
	}
	sha256_init(s); // reset;
}

void sha256_update(SHA256_MONKEY_CTX *s, const uint8_t *m, uint32_t len)
{
	const uint8_t *p = m;
	uint32_t r = s->len % SHA256_BLOCKLEN;
	
	s->len += len;
	if (r)
	{
		if (len < SHA256_BLOCKLEN - r)
		{
			memcpy(s->buf + r, p, len);
			return;
		}
		memcpy(s->buf + r, p, SHA256_BLOCKLEN - r);
		len -= SHA256_BLOCKLEN - r;
		p += SHA256_BLOCKLEN - r;
		processblock(s, s->buf);
	}
	for (; len >= SHA256_BLOCKLEN; len -= SHA256_BLOCKLEN, p += SHA256_BLOCKLEN)
	{
		processblock(s, p);
	}
	memcpy(s->buf, p, len);
}

#define INNER_PAD '\x36'
#define OUTER_PAD '\x5c'

void hmac_sha256_init(HMAC_SHA256_CTX *hmac, const uint8_t *key, uint32_t keylen)
{
	if (keylen <= SHA256_BLOCKLEN)
	{
		memcpy(hmac->sha.buf, key, keylen);
		memset(hmac->sha.buf + keylen, '\0', SHA256_BLOCKLEN - keylen);
	}
	else
	{
		sha256_init(&hmac->sha);
		sha256_update(&hmac->sha, key, keylen);
		sha256_final(&hmac->sha, hmac->sha.buf);
		memset(hmac->sha.buf + SHA256_DIGESTLEN, '\0', SHA256_BLOCKLEN - SHA256_DIGESTLEN);
	}
	
	// This relies on the fact that:
	// 1. sha256_init keeps sha.buf untouched
	// 2. sha256_update keeps sha.buf untouched if message length is SHA256_BLOCKLEN
	uint32_t i;
	for (i = 0; i < SHA256_BLOCKLEN; i++)
	{
		hmac->sha.buf[ i ] = hmac->sha.buf[ i ] ^ OUTER_PAD;
	}
	
	sha256_init(&hmac->sha);
	sha256_update(&hmac->sha, hmac->sha.buf, SHA256_BLOCKLEN);
	memcpy(hmac->h_outer, hmac->sha.h, SHA256_DIGESTLEN);
	
	//uint32_t i;
	for (i = 0; i < SHA256_BLOCKLEN; i++)
	{
		hmac->sha.buf[ i ] = (hmac->sha.buf[ i ] ^ OUTER_PAD) ^ INNER_PAD;
	}
	
	sha256_init(&hmac->sha);
	sha256_update(&hmac->sha, hmac->sha.buf, SHA256_BLOCKLEN);
	memcpy(hmac->h_inner, hmac->sha.h, SHA256_DIGESTLEN);
}

void hmac_sha256_update(HMAC_SHA256_CTX *hmac, const uint8_t *m, uint32_t mlen)
{
	sha256_update(&hmac->sha, m, mlen);
}

void hmac_sha256_final(HMAC_SHA256_CTX *hmac, uint8_t *md)
{
	sha256_final(&hmac->sha, md);
	
	hmac->sha.len = SHA256_BLOCKLEN;
	memcpy(hmac->sha.h, hmac->h_outer, SHA256_DIGESTLEN);
	
	sha256_update(&hmac->sha, md, SHA256_DIGESTLEN);
	sha256_final(&hmac->sha, md);
	
	// reset sha back to initial state
	hmac->sha.len = SHA256_BLOCKLEN;
	memcpy(hmac->sha.h, hmac->h_inner, SHA256_DIGESTLEN);
}
/*pbkdf2*/